The Near Field Communications (NFC) standard (18000-3) defines the communication protocol between peer to peer NFC active devices and also between NFC active devices and NFC passive “tags” in terms of flow control, message formats, speed (106 Kbs/Miller coding 100% modulation to 424 Kbs/Manchester coding 1% modulation) and frequency (13.56 MHz), but not a methodology for managing multiple Secure Element (SE) partitions.
An SE is a tamper proof (PCI/PED-like) integrated circuit card (ICC) chip/SIM card/micro-SD (Secure Digital) module capable of embedding smart card-grade applications (e.g., payment, ticketing, access control, etc.) security features. The SE is connected to an NFC chip, which acts as a contactless front end radio frequency (RFID) interface and contains among other things the Card-Issuer's security domain Access Control data (used to manage multiple Application Security Domains which in turn contain the Application Developer's security domain Access Control data).
NFC technology provides high data transmission speed, communications protocol simplicity and low cost, but NFC technology has introduced security vulnerabilities that allow, for example: i) eavesdropping by unauthorized parties (‘snooping’), data modification or insertion, ii) data manipulation, corruption and insertion by impersonators (‘phishing’), and iii) denial of service (‘jamming’) and virus attacks by supposedly trusted parties.
To protect the NFC data exchange, processing and storage privacy and integrity, the major Card Issuers have formed alliances with either the mobile operating systems developers or the NFC device manufacturers, and implemented proprietary proof-of-end point protocols using public key signatures and message encryption and authentication.
However, an NFC enabled device (such as a smart-phone) is generally the property of—or at least for the exclusive use of—an individual consumer. Such a consumer may have multiple credit cards, electronic wallets or the like provided by a plurality of financial or other institutions, but the current dedicated security solutions and SE management methodologies do not permit the existence of multiple SE on the same NFC enabled device.